An agent of the European Union Delegation in a third country must prepare a confidential report on a new cyber security threat involving personal data of EU citizens. The report will be generated in a cloud computing platform managed by an external provider and shared with colleagues of the Delegation and the Brussels headquarters. According to the fundamental principles of the General Data Protection Regulation (GDPR) and established security practices by EU services, what is the most critical action that the agent must ensure before sharing the document to comply with the regulation and protect the information?